Legal claims defining the scope of protection, as filed with the USPTO.
1. A secure communication network, comprising: at least one server connected to the network and accessing a Distributed Hash Table (DHT), the server having a private and public cryptographic key pair ($S_{pri}$, $S_{pub}$); a plurality of clients connected to the network and in communication with the server, each client having a unique private and public cryptographic key pair ($C_{pri}$, $C_{pub}$); the server and a communicating client implementing a randomly generated key that changes at some predetermined interval, the server publishing a descriptor $d_T$ calculated using the server's private key $S_{pri}$ and the client's public key $C_{pub}$ and storing the descriptor $d_T$ in the DHT, and the client querying for the descriptor $d_T$ stored in the DHT to obtain configuration information; wherein when the server publishes to the DHT, the server generates a descriptor for time period $T$, $d_T$, and a message $m$, where $d_T$ is calculated by the server using the following equation: $d_T = H(S_{pri} \cdot C_{pub_i} \parallel T)_{0 \to 159}$, where $H$ is a strong hashing algorithm, $S_{pri}$ is the server's private key, $C_{pub_i}$ is the public key for client $C_i$, and $T$ defines the time period, and the message, $m$, is calculated by using the following equation: $m = \mathrm{Nonce} \parallel \mathrm{MAC} \parallel E_{C_{pub_i}}(E_{S_{pri}}(\mathrm{SeedIPv6}_S \parallel K \parallel \mathrm{Rot}))$, where $\mathrm{SeedIPv6}_S$ is an Internet Protocol version 6 (IPv6) address which is the concatenation of the server's IPv6 subnet and a randomly generated seed Interface Identifier (IID), $K$ is a symmetric key, $\mathrm{Rot}$ is an address rotation period, and $\mathrm{Nonce}$ and $\mathrm{MAC}$ are generated by encryption algorithms; and wherein the time period, $T$, is used as a component within the DHT descriptor and is varied in duration to provide the capability to dynamically and securely exchange configuration information depending on a detected environment.
2. The secure communication network of claim 1, wherein the server stores an arbitrary piece of data in the DHT that is retrieved by a client, the server generates a DHT key or descriptor $d_T$ and calculates a shared secret using a function over the private key $S_{pri}$ of the server and the public key $C_{pub}$ of the client, and when a client requests data from the DHT, the client generates $d_T$ by concatenating the shared secret between the client and the server generated using a function over the client's private key $C_{pri}$ and the server's public key $S_{pub}$.
4. The secure communication network of claim 1, wherein the server generates a different message for each client, even if each client should receive the same unencrypted message, due to the fact that the server uses the client's public key in order to encrypt an original message.
5. The secure communication network of claim 1, wherein the DHT is the BitTorrent Distributed Hash Table.
6. The secure communication network of claim 1, wherein the encryption algorithm used is the Elliptic Curve Diffie-Hellman (ECDH) algorithm.
8. The method of providing secure communication over a network of claim 7, further comprising the steps of: storing by the server an arbitrary piece of data in the DHT that is then retrieved by a client; generating by the server a DHT key or descriptor $d_T$; calculating by the server a shared secret using a function over the private key $S_{pri}$ of the server and the public key $C_{pub}$ of the client; and when a client requests data from the DHT, generating by the client $d_T$ by concatenating the shared secret between the client and the server generated using a function over the client's private key $C_{pri}$ and the server's public key $S_{pub}$.
10. The method of providing secure communications over a network of claim 7, further comprising the step of generating by the server a different message for each client, even if each client should receive the same unencrypted message, due to the fact that the server uses the client's public key in order to encrypt an original message.
11. The method of providing secure communications over a network of claim 7, wherein the DHT is the BitTorrent Distributed Hash Table.
12. The method of providing secure communications over a network of claim 7, wherein the encryption algorithm used is the Elliptic Curve Diffie-Hellman (ECDH) algorithm.
March 26, 2019